[SCM] WebKit Debian packaging branch, webkit-1.2, updated. upstream/1.1.90-6072-g9a69373

kov at webkit.org kov at webkit.org
Thu Apr 8 01:14:47 UTC 2010 

The following commit has been merged in the webkit-1.2 branch:
commit 8640239655e842fcb1efaf43cecd1dc7178f5df6
Author: kov at webkit.org <kov at webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date:   Tue Jan 19 19:11:23 2010 +0000

            Reviewed by Xan Lopez.
    
            [GTK] More crashes related to the clipboard management
            https://bugs.webkit.org/show_bug.cgi?id=33746
    
            Pass the WebKitWebView object (which is a GObject, thus
            ref-counted) to the clipboard functions instead of passing the
            Page - this allows us to explicitely protect the object inbetween
            the clipboard call and its callbacks, which fixes the crash.
    
            * WebCoreSupport/EditorClientGtk.cpp:
            (WebKit::EditorClient::respondToChangedSelection):
            * WebCoreSupport/PasteboardHelperGtk.cpp:
            (WebKit::getClipboardContentsCallback):
            (WebKit::clearClipboardContentsCallback):
            (WebKit::PasteboardHelperGtk::writeClipboardContents):
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@53477 268f45cc-cd09-0410-ab3c-d52691b4dbfc

diff --git a/WebKit/gtk/ChangeLog b/WebKit/gtk/ChangeLog
index c418e3a..15d50f5 100644
--- a/WebKit/gtk/ChangeLog
+++ b/WebKit/gtk/ChangeLog
@@ -1,3 +1,22 @@
+2010-01-19  Gustavo Noronha Silva  <gns at gnome.org>
+
+        Reviewed by Xan Lopez.
+
+        [GTK] More crashes related to the clipboard management
+        https://bugs.webkit.org/show_bug.cgi?id=33746
+
+        Pass the WebKitWebView object (which is a GObject, thus
+        ref-counted) to the clipboard functions instead of passing the
+        Page - this allows us to explicitely protect the object inbetween
+        the clipboard call and its callbacks, which fixes the crash.
+
+        * WebCoreSupport/EditorClientGtk.cpp:
+        (WebKit::EditorClient::respondToChangedSelection):
+        * WebCoreSupport/PasteboardHelperGtk.cpp:
+        (WebKit::getClipboardContentsCallback):
+        (WebKit::clearClipboardContentsCallback):
+        (WebKit::PasteboardHelperGtk::writeClipboardContents):
+
 2010-01-15  Alejandro G. Castro  <alex at igalia.com>
 
         Reviewed by Xan Lopez.
diff --git a/WebKit/gtk/WebCoreSupport/EditorClientGtk.cpp b/WebKit/gtk/WebCoreSupport/EditorClientGtk.cpp
index 266723b..02d1a53 100644
--- a/WebKit/gtk/WebCoreSupport/EditorClientGtk.cpp
+++ b/WebKit/gtk/WebCoreSupport/EditorClientGtk.cpp
@@ -206,7 +206,7 @@ void EditorClient::respondToChangedSelection()
     if (targetFrame->selection()->isRange()) {
         dataObject->clear();
         dataObject->setRange(targetFrame->selection()->toNormalizedRange());
-        pasteboardHelperInstance()->writeClipboardContents(clipboard, corePage);
+        pasteboardHelperInstance()->writeClipboardContents(clipboard, m_webView);
     }
 #endif
 
diff --git a/WebKit/gtk/WebCoreSupport/PasteboardHelperGtk.cpp b/WebKit/gtk/WebCoreSupport/PasteboardHelperGtk.cpp
index 37f3b18..8406ada 100644
--- a/WebKit/gtk/WebCoreSupport/PasteboardHelperGtk.cpp
+++ b/WebKit/gtk/WebCoreSupport/PasteboardHelperGtk.cpp
@@ -122,20 +122,27 @@ static void clearClipboardContentsCallback(GtkClipboard* clipboard, gpointer dat
 
     DataObjectGtk* dataObject = DataObjectGtk::forClipboard(clipboard);
     ASSERT(dataObject);
-
     dataObject->clear();
-    if (data) {
-        WebCore::Page* corePage = reinterpret_cast<WebCore::Page*>(data);
 
-        if (!corePage->focusController())
-            return;
+    // This will be true for clipboards other than X11 primary.
+    if (!data)
+        return;
 
-        Frame* frame = corePage->focusController()->focusedOrMainFrame();
+    WebKitWebView* webView = reinterpret_cast<WebKitWebView*>(data);
+    WebCore::Page* corePage = core(webView);
 
-        // Collapse the selection without clearing it
-        ASSERT(frame);
-        frame->selection()->setBase(frame->selection()->extent(), frame->selection()->affinity());
+    if (!corePage || !corePage->focusController()) {
+        g_object_unref(webView);
+        return;
     }
+
+    Frame* frame = corePage->focusController()->focusedOrMainFrame();
+
+    // Collapse the selection without clearing it
+    ASSERT(frame);
+    frame->selection()->setBase(frame->selection()->extent(), frame->selection()->affinity());
+
+    g_object_unref(webView);
 }
 
 void PasteboardHelperGtk::writeClipboardContents(GtkClipboard* clipboard, gpointer data)
@@ -148,9 +155,19 @@ void PasteboardHelperGtk::writeClipboardContents(GtkClipboard* clipboard, gpoint
 
     if (numberOfTargets > 0 && table) {
         settingClipboard = true;
-        gtk_clipboard_set_with_data(clipboard, table, numberOfTargets,
-                                    getClipboardContentsCallback,
-                                    clearClipboardContentsCallback, data);
+
+        // Protect the web view from being destroyed before one of the clipboard callbacks
+        // is called. Balanced in both getClipboardContentsCallback and
+        // clearClipboardContentsCallback.
+        WebKitWebView* webView = static_cast<WebKitWebView*>(data);
+        g_object_ref(webView);
+
+        gboolean succeeded = gtk_clipboard_set_with_data(clipboard, table, numberOfTargets,
+                                                         getClipboardContentsCallback,
+                                                         clearClipboardContentsCallback, data);
+        if (!succeeded)
+            g_object_unref(webView);
+
         settingClipboard = false;
     } else
         gtk_clipboard_clear(clipboard);

-- 
WebKit Debian packaging

More information about the Pkg-webkit-commits mailing list